Does rpcpassword need to be non-obvious in bitcoind?Do i need ~4 years to sync?Full-node bitcoin instance seems to have stopped receiving blockchain informationHow many peers do you need to securely synchronize with the blockchain?What does one need to do to earn Decred through PoS?Very hard to sync Core Client from scratchbitcoind syncing backwardsNeed to access remote bitcoin node for LightningCan non mining full nodes prevent 51% attack? Does it actually strengthen the network? I am confused of its real purpose
Is it safe to unplug a blinking USB drive after 'safely' ejecting it?
My passport was stamped with an exit stamp while transiting to another Schengen country via Turkey. Was this a mistake?
How is underwater propagation of sound possible?
Amiga 500 OCS/ECS vs Mega Drive VDP
(How long) Should I indulge my new co-workers?
Should I inform my future product owner that there is a good chance that a team member will leave the company soon?
Manager manipulates my leaves, what's in it for him?
What do you call the battery slot's ends?
Output Distinct Factor Cuboids
Why are there two bearded faces wearing red hats on my stealth bomber icon?
Is the name of an interval between two notes unique and absolute?
Can one guy with a duplicator trigger a nuclear apocalypse?
What can I actually do with a high credit score?
EU compensation - fire alarm at the Flight Crew's hotel
How often is duct tape used during crewed space missions?
Minimize taxes now that I earn a living wage
Is a global DNS record a security risk for phpMyAdmin?
What’s a “dissipated” garment supposed to be?
Floating Point XOR
Why would a fighter use the afterburner and air brakes at the same time?
Carroll's interpretation of 1-forms
If people's daily habits are reliable then why is the stock market so unpredictable?
Why are there no programmes / playbills for movies?
What is the origin of the “clerics can create water” trope?
Does rpcpassword need to be non-obvious in bitcoind?
Do i need ~4 years to sync?Full-node bitcoin instance seems to have stopped receiving blockchain informationHow many peers do you need to securely synchronize with the blockchain?What does one need to do to earn Decred through PoS?Very hard to sync Core Client from scratchbitcoind syncing backwardsNeed to access remote bitcoin node for LightningCan non mining full nodes prevent 51% attack? Does it actually strengthen the network? I am confused of its real purpose
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
I'm syncing a full BTC node onto an external hard drive, which I'm connecting to by USB. I've created a bitcoin.conf file which sets a very insecure rpcpassword. This is literally the only field I put in the bitcoin.conf file. In what way does this matter?
(I've just changed the password. Should I restart the sync, given that it's 49% through?)
synchronization full-node
asked 10 hours ago
jkabrgjkabrg
1257 bronze badges
add a comment
|
I'm syncing a full BTC node onto an external hard drive, which I'm connecting to by USB. I've created a bitcoin.conf file which sets a very insecure rpcpassword. This is literally the only field I put in the bitcoin.conf file. In what way does this matter?
(I've just changed the password. Should I restart the sync, given that it's 49% through?)
synchronization full-node
asked 10 hours ago
jkabrgjkabrg
1257 bronze badges
add a comment
|
I'm syncing a full BTC node onto an external hard drive, which I'm connecting to by USB. I've created a bitcoin.conf file which sets a very insecure rpcpassword. This is literally the only field I put in the bitcoin.conf file. In what way does this matter?
(I've just changed the password. Should I restart the sync, given that it's 49% through?)
synchronization full-node
asked 10 hours ago
jkabrgjkabrg
1257 bronze badges
I'm syncing a full BTC node onto an external hard drive, which I'm connecting to by USB. I've created a bitcoin.conf file which sets a very insecure rpcpassword. This is literally the only field I put in the bitcoin.conf file. In what way does this matter?
(I've just changed the password. Should I restart the sync, given that it's 49% through?)
synchronization full-node
synchronization full-node
asked 10 hours ago
jkabrgjkabrg
1257 bronze badges
asked 10 hours ago
jkabrgjkabrg
1257 bronze badges
edited 10 hours ago
jkabrg
asked 10 hours ago
jkabrgjkabrg
1257 bronze badges
asked 10 hours ago
jkabrgjkabrg
1257 bronze badges
asked 10 hours ago
jkabrgjkabrg
1257 bronze badges
1257 bronze badges
add a comment
|
add a comment
|
2 Answers
2
active
oldest
votes
By default the RPC interface is only exposed to localhost (127.0.0.1 and ::1), not to the world. In that setting, you need an RPC password only to protect against untrusted local users on your system (unless you're somehow tunneling the RPC port 8332 out).
That said, why do you have an rpcpassword at all? If you're only going to use bitcoin-cli for example you don't need one since version 0.12 (see https://bitcoin.org/en/release/v0.12.0#rpc-random-cookie-rpc-authentication). If you need for having external applications to to bitcoind, rpcauth is preferred over rpcpassword.
There is certainly no need to restart syncing.
answered 10 hours ago
Pieter WuillePieter Wuille
52.2k4 gold badges106 silver badges177 bronze badges
Isn't the RPC port 8332?
– Ugam Kamat
10 hours ago
1
@UgamKamat Thanks, fixed!
– Pieter Wuille
10 hours ago
I need it to callbitcoin-cli stop
– jkabrg
9 hours ago
No need for an rpcpassword at all in that case. Since 0.12 cookie authentication is used when no rpcpassword/rpcauth are set (a file is created by bitcoind with a randomly generated password in it, and that file is read by bitcoin-cli, and deleted when bitcoind exits).
– Pieter Wuille
9 hours ago
Should I still have a config file, albeit an empty one?
– jkabrg
9 hours ago
|
show 1 more comment
The RPC interface is not exposed to anything except localhost by default. So other people on your network, nor people on the internet, can access it unless you have explicitly enabled outside access using rpcbind=<ip> and rpcallowip=<ip>. So even using an insecure rpcpassword should be safe. Furthermore, it is completely useless if you don't also set rpcuser.
However rpcpassword is deprecated and it is not recommended that you use that. In fact, it is not necessary for it to be set in order to access the RPC interface. A RPC user and password will be provided in the .cookie file that is found in the data directory. bitcoin-cli will automatically use the user and password set in that file.
(I've just changed the password. Should I restart the sync, given that it's 49% through?)
Restarting Bitcoin Core will not restart the sync. It will continue where it left off when it stopped. Nothing will be lost if you restart.
answered 10 hours ago
Andrew Chow♦Andrew Chow
38.3k4 gold badges28 silver badges70 bronze badges
Yours was the first answer I saw by about a few seconds. Thank you!
– jkabrg
10 hours ago
add a comment
|
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "308"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fbitcoin.stackexchange.com%2fquestions%2f90418%2fdoes-rpcpassword-need-to-be-non-obvious-in-bitcoind%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
By default the RPC interface is only exposed to localhost (127.0.0.1 and ::1), not to the world. In that setting, you need an RPC password only to protect against untrusted local users on your system (unless you're somehow tunneling the RPC port 8332 out).
That said, why do you have an rpcpassword at all? If you're only going to use bitcoin-cli for example you don't need one since version 0.12 (see https://bitcoin.org/en/release/v0.12.0#rpc-random-cookie-rpc-authentication). If you need for having external applications to to bitcoind, rpcauth is preferred over rpcpassword.
There is certainly no need to restart syncing.
answered 10 hours ago
Pieter WuillePieter Wuille
52.2k4 gold badges106 silver badges177 bronze badges
Isn't the RPC port 8332?
– Ugam Kamat
10 hours ago
1
@UgamKamat Thanks, fixed!
– Pieter Wuille
10 hours ago
I need it to callbitcoin-cli stop
– jkabrg
9 hours ago
No need for an rpcpassword at all in that case. Since 0.12 cookie authentication is used when no rpcpassword/rpcauth are set (a file is created by bitcoind with a randomly generated password in it, and that file is read by bitcoin-cli, and deleted when bitcoind exits).
– Pieter Wuille
9 hours ago
Should I still have a config file, albeit an empty one?
– jkabrg
9 hours ago
|
show 1 more comment
By default the RPC interface is only exposed to localhost (127.0.0.1 and ::1), not to the world. In that setting, you need an RPC password only to protect against untrusted local users on your system (unless you're somehow tunneling the RPC port 8332 out).
That said, why do you have an rpcpassword at all? If you're only going to use bitcoin-cli for example you don't need one since version 0.12 (see https://bitcoin.org/en/release/v0.12.0#rpc-random-cookie-rpc-authentication). If you need for having external applications to to bitcoind, rpcauth is preferred over rpcpassword.
There is certainly no need to restart syncing.
answered 10 hours ago
Pieter WuillePieter Wuille
52.2k4 gold badges106 silver badges177 bronze badges
Isn't the RPC port 8332?
– Ugam Kamat
10 hours ago
1
@UgamKamat Thanks, fixed!
– Pieter Wuille
10 hours ago
I need it to callbitcoin-cli stop
– jkabrg
9 hours ago
No need for an rpcpassword at all in that case. Since 0.12 cookie authentication is used when no rpcpassword/rpcauth are set (a file is created by bitcoind with a randomly generated password in it, and that file is read by bitcoin-cli, and deleted when bitcoind exits).
– Pieter Wuille
9 hours ago
Should I still have a config file, albeit an empty one?
– jkabrg
9 hours ago
|
show 1 more comment
By default the RPC interface is only exposed to localhost (127.0.0.1 and ::1), not to the world. In that setting, you need an RPC password only to protect against untrusted local users on your system (unless you're somehow tunneling the RPC port 8332 out).
That said, why do you have an rpcpassword at all? If you're only going to use bitcoin-cli for example you don't need one since version 0.12 (see https://bitcoin.org/en/release/v0.12.0#rpc-random-cookie-rpc-authentication). If you need for having external applications to to bitcoind, rpcauth is preferred over rpcpassword.
There is certainly no need to restart syncing.
answered 10 hours ago
Pieter WuillePieter Wuille
52.2k4 gold badges106 silver badges177 bronze badges
By default the RPC interface is only exposed to localhost (127.0.0.1 and ::1), not to the world. In that setting, you need an RPC password only to protect against untrusted local users on your system (unless you're somehow tunneling the RPC port 8332 out).
That said, why do you have an rpcpassword at all? If you're only going to use bitcoin-cli for example you don't need one since version 0.12 (see https://bitcoin.org/en/release/v0.12.0#rpc-random-cookie-rpc-authentication). If you need for having external applications to to bitcoind, rpcauth is preferred over rpcpassword.
There is certainly no need to restart syncing.
answered 10 hours ago
Pieter WuillePieter Wuille
52.2k4 gold badges106 silver badges177 bronze badges
edited 10 hours ago
answered 10 hours ago
Pieter WuillePieter Wuille
52.2k4 gold badges106 silver badges177 bronze badges
answered 10 hours ago
Pieter WuillePieter Wuille
52.2k4 gold badges106 silver badges177 bronze badges
answered 10 hours ago
Pieter WuillePieter Wuille
52.2k4 gold badges106 silver badges177 bronze badges
52.2k4 gold badges106 silver badges177 bronze badges
Isn't the RPC port 8332?
– Ugam Kamat
10 hours ago
1
@UgamKamat Thanks, fixed!
– Pieter Wuille
10 hours ago
I need it to callbitcoin-cli stop
– jkabrg
9 hours ago
No need for an rpcpassword at all in that case. Since 0.12 cookie authentication is used when no rpcpassword/rpcauth are set (a file is created by bitcoind with a randomly generated password in it, and that file is read by bitcoin-cli, and deleted when bitcoind exits).
– Pieter Wuille
9 hours ago
Should I still have a config file, albeit an empty one?
– jkabrg
9 hours ago
|
show 1 more comment
Isn't the RPC port 8332?
– Ugam Kamat
10 hours ago
1
@UgamKamat Thanks, fixed!
– Pieter Wuille
10 hours ago
I need it to callbitcoin-cli stop
– jkabrg
9 hours ago
No need for an rpcpassword at all in that case. Since 0.12 cookie authentication is used when no rpcpassword/rpcauth are set (a file is created by bitcoind with a randomly generated password in it, and that file is read by bitcoin-cli, and deleted when bitcoind exits).
– Pieter Wuille
9 hours ago
Should I still have a config file, albeit an empty one?
– jkabrg
9 hours ago
Isn't the RPC port 8332?
– Ugam Kamat
10 hours ago
Isn't the RPC port 8332?
– Ugam Kamat
10 hours ago
1
1
@UgamKamat Thanks, fixed!
– Pieter Wuille
10 hours ago
@UgamKamat Thanks, fixed!
– Pieter Wuille
10 hours ago
I need it to call
bitcoin-cli stop– jkabrg
9 hours ago
I need it to call
bitcoin-cli stop– jkabrg
9 hours ago
No need for an rpcpassword at all in that case. Since 0.12 cookie authentication is used when no rpcpassword/rpcauth are set (a file is created by bitcoind with a randomly generated password in it, and that file is read by bitcoin-cli, and deleted when bitcoind exits).
– Pieter Wuille
9 hours ago
No need for an rpcpassword at all in that case. Since 0.12 cookie authentication is used when no rpcpassword/rpcauth are set (a file is created by bitcoind with a randomly generated password in it, and that file is read by bitcoin-cli, and deleted when bitcoind exits).
– Pieter Wuille
9 hours ago
Should I still have a config file, albeit an empty one?
– jkabrg
9 hours ago
Should I still have a config file, albeit an empty one?
– jkabrg
9 hours ago
|
show 1 more comment
The RPC interface is not exposed to anything except localhost by default. So other people on your network, nor people on the internet, can access it unless you have explicitly enabled outside access using rpcbind=<ip> and rpcallowip=<ip>. So even using an insecure rpcpassword should be safe. Furthermore, it is completely useless if you don't also set rpcuser.
However rpcpassword is deprecated and it is not recommended that you use that. In fact, it is not necessary for it to be set in order to access the RPC interface. A RPC user and password will be provided in the .cookie file that is found in the data directory. bitcoin-cli will automatically use the user and password set in that file.
(I've just changed the password. Should I restart the sync, given that it's 49% through?)
Restarting Bitcoin Core will not restart the sync. It will continue where it left off when it stopped. Nothing will be lost if you restart.
answered 10 hours ago
Andrew Chow♦Andrew Chow
38.3k4 gold badges28 silver badges70 bronze badges
Yours was the first answer I saw by about a few seconds. Thank you!
– jkabrg
10 hours ago
add a comment
|
The RPC interface is not exposed to anything except localhost by default. So other people on your network, nor people on the internet, can access it unless you have explicitly enabled outside access using rpcbind=<ip> and rpcallowip=<ip>. So even using an insecure rpcpassword should be safe. Furthermore, it is completely useless if you don't also set rpcuser.
However rpcpassword is deprecated and it is not recommended that you use that. In fact, it is not necessary for it to be set in order to access the RPC interface. A RPC user and password will be provided in the .cookie file that is found in the data directory. bitcoin-cli will automatically use the user and password set in that file.
(I've just changed the password. Should I restart the sync, given that it's 49% through?)
Restarting Bitcoin Core will not restart the sync. It will continue where it left off when it stopped. Nothing will be lost if you restart.
answered 10 hours ago
Andrew Chow♦Andrew Chow
38.3k4 gold badges28 silver badges70 bronze badges
Yours was the first answer I saw by about a few seconds. Thank you!
– jkabrg
10 hours ago
add a comment
|
The RPC interface is not exposed to anything except localhost by default. So other people on your network, nor people on the internet, can access it unless you have explicitly enabled outside access using rpcbind=<ip> and rpcallowip=<ip>. So even using an insecure rpcpassword should be safe. Furthermore, it is completely useless if you don't also set rpcuser.
However rpcpassword is deprecated and it is not recommended that you use that. In fact, it is not necessary for it to be set in order to access the RPC interface. A RPC user and password will be provided in the .cookie file that is found in the data directory. bitcoin-cli will automatically use the user and password set in that file.
(I've just changed the password. Should I restart the sync, given that it's 49% through?)
Restarting Bitcoin Core will not restart the sync. It will continue where it left off when it stopped. Nothing will be lost if you restart.
answered 10 hours ago
Andrew Chow♦Andrew Chow
38.3k4 gold badges28 silver badges70 bronze badges
The RPC interface is not exposed to anything except localhost by default. So other people on your network, nor people on the internet, can access it unless you have explicitly enabled outside access using rpcbind=<ip> and rpcallowip=<ip>. So even using an insecure rpcpassword should be safe. Furthermore, it is completely useless if you don't also set rpcuser.
However rpcpassword is deprecated and it is not recommended that you use that. In fact, it is not necessary for it to be set in order to access the RPC interface. A RPC user and password will be provided in the .cookie file that is found in the data directory. bitcoin-cli will automatically use the user and password set in that file.
(I've just changed the password. Should I restart the sync, given that it's 49% through?)
Restarting Bitcoin Core will not restart the sync. It will continue where it left off when it stopped. Nothing will be lost if you restart.
answered 10 hours ago
Andrew Chow♦Andrew Chow
38.3k4 gold badges28 silver badges70 bronze badges
answered 10 hours ago
Andrew Chow♦Andrew Chow
38.3k4 gold badges28 silver badges70 bronze badges
answered 10 hours ago
Andrew Chow♦Andrew Chow
38.3k4 gold badges28 silver badges70 bronze badges
answered 10 hours ago
Andrew Chow♦Andrew Chow
38.3k4 gold badges28 silver badges70 bronze badges
38.3k4 gold badges28 silver badges70 bronze badges
Yours was the first answer I saw by about a few seconds. Thank you!
– jkabrg
10 hours ago
add a comment
|
Yours was the first answer I saw by about a few seconds. Thank you!
– jkabrg
10 hours ago
Yours was the first answer I saw by about a few seconds. Thank you!
– jkabrg
10 hours ago
Yours was the first answer I saw by about a few seconds. Thank you!
– jkabrg
10 hours ago
add a comment
|
Thanks for contributing an answer to Bitcoin Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fbitcoin.stackexchange.com%2fquestions%2f90418%2fdoes-rpcpassword-need-to-be-non-obvious-in-bitcoind%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
